Security: Ouch VestaCP servers hacked!

Discussion in 'System Administration' started by eva2000, Apr 8, 2018.

  1. Revenge

    Revenge Active Member

    Their site is working for me.
     
  2. eva2000

    eva2000 Administrator Staff Member

    Forum just came back for me now :)

    hmmm Got 10 VestaCP servers exploited - Page 44 - Vesta Control Panel - Forum
    Fresh install and still infected?
     
  3. Revenge

    Revenge Active Member

  4. eva2000

    eva2000 Administrator Staff Member

    Well, not good news from Patrick Williams, a well-known security person from Rack911. Well, good in that VestaCP devs now have a chance to patch these up.

    VestaCP zero-day exploit | Web Hosting Talk
    VestaCP hit with zeroday exploit [Patch Released, Unclear If Resolved] - Page 4
     
  5. Revenge

    Revenge Active Member

    In the VestaCP forum, many people were saying something related to Roundcube, that it seemed the exploit was from there.
    VestaCP installs Roundcube.

    Coincidence or not, yesterday Roundcube released a security update for an injection vulnerability:

     
  6. eva2000

    eva2000 Administrator Staff Member

    From that news and Patrick's, I think there are multiple root-level exploits in VestaCP, so a multi-vector attack is probably most likely - all leading to compromise. Will be interesting to see what is revealed vulnerability-wise after VestaCP patches everything.
     
  7. eva2000

    eva2000 Administrator Staff Member

  8. Revenge

    Revenge Active Member

     
  9. eva2000

    eva2000 Administrator Staff Member

  10. robert syputa

    robert syputa New Member

    Thanks - great heads up. You bring out the strength of sharing.
     
  11. Revenge

    Revenge Active Member

    @eva2000 are you registered in LowEndTalk? I'm not and they ask for review.

    I posted what Patrick said in the Vesta forum and I received one PM from one of their devs with:

    Can you pass this message to Patrick?
     
  12. eva2000

    eva2000 Administrator Staff Member

    Just passed it on to Patrick/SecNinja on LET
     